Did you know that the use of email predates the invention of the internet?

Electronic messages were being sent over the wire a long time before computer networks existed. In fact, email paved the way for the internet as we know it today.

Why you can’t trust email

When you read a message in your inbox, should you trust that the information hasn’t been tampered with or that it even comes from who it claims?

Sadly, email wasn’t designed with security in mind. The paradigm it is based on is that of a peer-to-peer network – messages are passed from server to server in plaintext (no encryption) until they reach their destination.

So even though you connect to your email provider securely to download your mail (normally using SSL/TLS security), there is nothing to stop your private communications being intercepted in transit.

Unlike other internet messaging (instant messengers or social media messaging), there are no central servers which control and govern the delivery of email, which can result in problems such as email spoofing (sending an email which is deliberately made to appear as if it is coming to be from someone else).

Despite this, communications made by email can still be legally binding and can be used in a court of law (for example, Naldi v Grunberg).

So how can you securely send emails, making sure that:

the recipient is convinced that it comes from you;

no one except the intended recipient can read the message; and

there’s no chance that someone could have tampered with the content of the message before it reaches its destination?

In 1991, Phil Zimmerman published a program called PGP (Pretty Good Privacy) which ensures all three of these things.

(In fact, it did such a good job of providing an easy way to send secure messages over email that Zimmerman became the target of a criminal investigation by the US government. It was deemed at the time that making software which provided such strong security outside of the US counted as “exporting arms” and violated US munitions export regulations.)

Encrypt email to make it trustworthy

Luckily, PGP, and similar software using the OpenPGP standard (such as GPG), is now legally available in most countries and is an excellent solution for securing email. A high level of security is provided by encrypting messages and digitally signing messages.

Encryption provides confidentiality – the contents of a message are protected so that it can only be read by the intended recipient.

A digital signature provides authentication of messages so that the recipient can be sure that it does actually come from you.

First invented by mathematicians Ellis, Cocks and Williamson in 1973 at GCHQ (and independently developed by Diffie and Hellman in 1976), public-key algorithms use a mathematical ‘trapdoor’ function to allow for asymmetric encryption of messages. That is to say, how you encrypt and decrypt a message is different.

This means anyone can encrypt a message – or analogously verify a digital signature as legitimate – with the ‘public’ part of the cryptographic key, but only the sole individual can decrypt a message – or digitally sign a message – using their secret ‘private’ part of the key.

How it works

Alice wants to securely email Bob without the chance that Eve could read or tamper with her message, and she wants Bob to be convinced that it does indeed come from her.

A simple demonstration (how the actual protocols work is slightly more involved, but the gist is the same) of how a PGP-like program would work is as follows:

First, Alice’s computer looks up Bob’s public key in a key-server, which acts like a massive address book, and encrypts the message using his public key.

Second, her own private key is used to add a digital signature to the message which is then sent to Bob.

Third, Bob’s computer then decrypts the message using his private key, and verifies the digital signature using Alice’s public key, similarly obtained from a key-server.

So the question is: how does Alice know that the public key for Bob – the one she has obtained from the key-server – is legitimate, and not a phony placed there by Eve instead?

The key part of this mechanism to ensure the legitimacy of public keys is called the web of trust.

This is an alternative to the public key infrastructure (PKI) model used by websites to issue SSL security certificates for use with HTTPS.

The idea is as follows: assume Alice and Bob have a mutual friend Charlie who they both trust. Charlie can vouch for both Alice and Bob because he knows them personally, and can verify the identity of them and their associated public keys. Charlie signs each of their public keys with his own. As Charlie trusts Bob, and Alice trusts Charlie (perhaps Alice has signed Charlie’s public key), this allows Alice to trust the authenticity of Bob’s public key.

While this sounds pretty unfeasible and is not without problems, it is actually very effective in allowing secure communications (with PGP systems or otherwise) without the need for expensive security certificates like those used by websites.

In fact, people even meet up at organised events known as ‘key signing parties’ to check each other’s identities and sign keys to allow this web of trust to propagate.

So why is email security of this sort not much more widespread? I’d guess it’s a combination of feasibility and awareness primarily. It’s not always that straight forward to start using public key encryption for email, and keeping your private key secure can be tricky when you are accessing emails from multiple devices. Moreover, knowledge of the downfalls of email perhaps aren’t as well-known as we would like them to be!

For domestic purposes, only those determined to safeguard their right to online privacy would want to be bothered with using these systems as routine. For businesses, however, designing email security policy is a much more delicate task in balancing cost and risk. Perhaps ISPs and email providers should be doing more to make widespread adoption of email security easier.

And maybe a key signing party would be a tad overkill for firing off a quick message to your boss to let them know you’ll be late to work, but it does provide the security assurances that email so badly lacks.

So next time a website informs you that they have ‘securely’ sent you a password reminder, consider how secure this actually is!

About the author

Julian Bhardwaj is currently a student at the University of Warwick studying for an undergraduate degree in Discrete Mathematics. As a self confessed crypto-geek, he has a passion for all things security related.

10 comments on “Email: the forgotten security problem”

All fine and good but PGP and S/MIME secure e-mail have been around for a long time and they haven’t been widely adopted. Usability and support for these approaches stinks so they failed in the marketplace.

I have insisted on using encrypted mail with all of my professional associates since 1998. It has been like pulling teeth. It has taken great effort just to get them to use encrypted mail; had I insisted on Web-of-Trust notarized identity trusting, I wouldn't have been able to communicate via email. No one else (besides myself) was willing to get their certs identity-trusted. I even became a Web of Trust notary. In the last 14 years I've had three requests for identity trusting. Clearly, the ignorance on this subject is epidemic.

I applaud Sophos' efforts to educate folks on the subject of encrypted mail, but it will be a long, uphill battle. People resist it. I don't know why they resist it; it's not rational to resist it. I mean, "OF COURSE you would want your communications to be secure…er, right?" Nope…evidently not. Against all reason, people don't seem to want to bother with securing their email communication. The mind stops.

I lay part of the blame at the feet of Internet service providers (ISPs) who provide mail servers. It seems to me that they have a high proprietary interest in secure communications. If they required their users to sign their messages, it would severely decrease the amount of spam, which is unsigned. (I doubt most spammers would sign their garbage with identity-trusted signatures.) At least, I've never received any spam that was signed.

ISPs should educate their users about the benefits of secure email, and should make it easy for users to get free PKCS certs. It would solve many problems, not the least of which is reducing the torrent of spam.

The e-mail encryption solutions that get used are those that use a portal approach. You send the e-mail to anyone. The e-mail is automatically encrypted and stored on the portal. the recipient get’s a notification and has to visit the portal and register, if they haven’t already, using the e-mail address used by the sender.

You also see this is file transfer technologies now. A business can setup a Managed File Transfer product that strips attachments of e-mails automatically and encrypts them on a portal site. The recipient has to login to the portal through a browser and SSL and retrieve the document. Alternatively, if someone wants to send someone in a company a document securely, they visit the company’s portal, enter the recipient’s address and attach the document.

I believe that part of the problem stems from the way providers of email applications and services like to 'convince' users, or potential users, that their system/service is already 'secure' when it clearly is not.
Many users are not sufficiently 'savvy' on security issues on computers systems and networks so they tend to accept what the vendor tells them, even if it is purely 'marketing speak' with little or no substantiable facts behind it.
If it were made a requirement that some form of PGP, or similar, security signing were used then we might have a safer email experience. Some 'secure areas of activity' (some related to governmental services and some to commercial activities) already require a much more secure form of rapid communication and rarely use email.

The fact is that email is terribly insecure but that insecurity doesn't result in a big penalty for end users most of the time. Or if it does those users are blissfully unaware.

The fact is that trying to get PKI working effectively (I don't mean effective technically I mean effective so that all the people you actually want to talk to are using it) is enormously more painful currently than the consequences of lack of security.

The exception that proves the rule is spam from spoofed senders. That is a result of the insecure nature of email and it does have material, visible, consequences for end users. As such a ton of time, money and effort has been thrown at spam filters and things like spf to straighten out the mess.

Just a little clarification. The article opens by acknowledging that email has existed since before " the internet as we know it today." (which usually means www,) And then goes to describe problems relating to a single type of email, that transmitted via SMTP across IP based wide area networks, but doesn't clarify this – indeed, by saying "Sadly, email wasn't designed with security in mind" you are tarring all email technologies with the same brush!

Much email before SMTP /was/ pretty secure – e.g. in 1980s' Britain, Prestel and Telecom Gold worked by having a centrally held messaging service. The sender details were added automatically and it never left their network. Even the likes of AOL and CompuServe, later on, worked in a similar fashion, as did any centrally operated service.

Many operations these days trying to circumvent the problems with SMTP are returning to this model of operation – hold the mail in one place, and make everyone connect directly in a manner that they can be validated.

"People don't encrypt their emails, because they aren't well informed!!" fixed.

Instead of hotmail telling us how to flag emails, how about putting step by step email together on how to encrypt and put it on a annual cycle to be sent to every hotmail account instead of throwing ads in our face and telling us what the next feature hotmail will have that no one will really use!!